- Add intelligent URL detection supporting BASE_URL, PUBLIC_URL, and proxy headers - Fix hardcoded localhost URLs in server console output - Add hostname validation to prevent host header injection attacks - Restrict URL schemes to http/https only (block javascript:, file://, etc.) - Remove sensitive environment data from API responses - Add GET endpoints (/, /mcp) for better API discovery - Fix version inconsistency between server implementations - Update HTTP bridge to use HOST/PORT environment variables - Add comprehensive test scripts for URL configuration and security This resolves issues #41 and #42 by making the HTTP server properly handle deployment behind reverse proxies and adds critical security validations. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
czlonkowski
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "n8n-mcp",
|
||||
"version": "2.7.14",
|
||||
"version": "2.7.15",
|
||||
"description": "Integration between n8n workflow automation and Model Context Protocol (MCP)",
|
||||
"main": "dist/index.js",
|
||||
"bin": {
|
||||
@@ -41,6 +41,7 @@
|
||||
"test:workflow-diff": "node dist/scripts/test-workflow-diff.js",
|
||||
"test:transactional-diff": "node dist/scripts/test-transactional-diff.js",
|
||||
"test:tools-documentation": "node dist/scripts/test-tools-documentation.js",
|
||||
"test:url-configuration": "npm run build && ts-node scripts/test-url-configuration.ts",
|
||||
"test:search-improvements": "node dist/scripts/test-search-improvements.js",
|
||||
"test:fts5-search": "node dist/scripts/test-fts5-search.js",
|
||||
"migrate:fts5": "node dist/scripts/migrate-nodes-fts.js",
|
||||
|
||||
Reference in New Issue
Block a user